A state investigation is underway to determine the unauthorized access to personal information of Rochester Gas and Electric Corp. and New York State Electric and Gas Corp. customers — including Social Security numbers, dates of birth and some financial institution account data.
The Rochester, NY-based companies said an employee at a software consulting firm contracted by RG&E and NYSEG allowed the access to one of the companies’ customer information systems.
The utilities said there is no evidence of customer data misuse nor malicious intent. Law enforcement officials are aware of the situation and an internal investigation also is under way, the companies said.
“We take our responsibility to protect customer information very seriously and we have robust information technology security measures in place,” said Mark S. Lynch, president of RG&E and NYSEG. “As a precautionary measure, we are offering NYSEG and RG&E customers the option of a credit monitoring service at no charge.”
New York State Public Service Commission Chairman Garry Brown said the state’s investigation will focus on the company’s plans to identify, communicate with and help affected customers. It will also look for the root causes of the security breach and what measures are in place to protect customer information.
“Public utilities are custodians of a great deal of personal customer information,” Brown said. “As a result of this apparent data security breach, I have asked staff of the Department of Public Service to immediately initiate an investigation of the facts and circumstances surrounding this event.”